DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

MN: Delta Dental Disk with The Smile Center Patient Data on It Stolen Months Ago; No One Notified Patients?! (update1)

Posted on May 19, 2011 by Dissent

Patients at The Smile Center in St. Paul, Minnesota don’t have much to smile about this week. Bill Keller reports on another disturbing breach – one that reportedly occurred four months ago but victims are first being notified now:

Delta Dental is announcing that personal information used in a lawsuit between the company and a St. Paul dentist’s office is missing after a laptop used in the case by an expert witness was stolen from an office at the University of Minnesota.

Though the multi-million dollar suit was settled in April, a disk loaded with personal information is proving unsettling now that it could fall into the hands of identity thieves.

On Monday, Laurie Manke-Senne said she received a note from her dental insurance carrier notifying her that her personal information had been stolen.

“It’s unnerving because our personal information is out there,” she said. “It wasn’t encrypted.”

Delta Dental said it has taken steps to protect its clients from identity theft; however, when the computer disappeared, the state’s largest dental insurer said The Smile Center never told its patients their medical records had been compromised.

Neither Delta Dental nor The Smile Center would say how many people were affected by the theft, but the missing data includes patients at the St. Paul office who were insured by Delta between Jan. 1, 2003 and June 30, 2010.

The Smile Center’s other four offices were not affected.

In a statement, Delta Dental said it has “no indication that the information has been inappropriately accessed, misused or further disclosed.”

So far, it seems the target of the theft was the laptop alone — not the data, but that offers little comfort to those still at risk.

Source: Fox9

Fox9’s news coverage (see video below) indicates that the PHI on the stolen laptop included names, dates of birth, and Social Security numbers.

Not only did The Smile Center reportedly not inform their patients of the breach, but it seems that neither Delta Dental nor The Smile Center are taking full responsibility for the breach because the data were in the possession of a third party – an expert witness in the lawsuit. That said, Delta Dental is offering patients free credit monitor and credit restoration services.

So what will HHS do with this breach? Has anyone reported it to HHS yet? I expect that we will see this one on their breach tool but it will be quite a while before we see what, if anything, HHS/OCR does. This might be an appropriate incident to issue a fine for not notifying patients in a timely fashion.

Update 1: Delta Dental issued a statement. The statement indicates:

The disc contained the names, dates of births, Social Security numbers and limited dental claims data (dental codes, amounts paid, dentist ID numbers) for certain individuals covered by Delta Dental who were patients of The Smile Center dental clinics between January 1, 2003 and June 30, 2010. The disc also contained similar data for certain public programs enrollees, but did not contain Social Security numbers for those enrollees.

The statement seems to put the responsibility for notification on The Smile Center:

As part of a lawsuit between Delta Dental and The Smile Center dental clinics, Delta Dental was required to provide the disc containing the data to The Smile Center dental clinics, their law firm, and their expert witness. Delta Dental turned over the disc under the terms of a protective order entered by the court in the lawsuit. The Smile Center dental clinics, their law firm, and their expert witness were required by the court order to protect the disc and the data. At the time of the theft, the disc was in the custody and control of the expert witness for The Smile Center dental clinics at his University of Minnesota office.

In response to my tweet earlier today about how patients were not notified of the breach that Fox9 says occurred four months ago, @DeltaDentalMN tweeted:

@PogoWasRight False. Delta Dental notified ALL individuals whose Social Security numbers were on stolen disc. http://tinyurl.com/3myz3wn

I replied, asking them to confirm *when* the laptop was stolen and *when* they notified patients. If I get a response, I’ll update this entry.

Note that I did not and am not asserting that it was Delta Dental’s responsibility to notify the patients. My original point was that a breach seemingly happened and patients weren’t notified and someone should be held accountable for that – and nothing that I’ve read since my original post changes that opinion.

Category: Breach IncidentsHealth DataOf NoteTheftU.S.

Post navigation

← MN: Delta Dental Disk with The Smile Center Patient Data on It Stolen Months Ago; No One Notified Patients?! (update1)
Federal lawsuit blames Michaels for PIN thefts →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.